If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

How do I hide my source code?

Unbelievable. If you look in the JavaScript section right now, there are currently three threads on this very subject. I know there is already a "posting guidelines" sticky in the JavaScript section, but maybe someone should consider adding another sticky about how hiding the source code (or attempting to) is absolutely impossible and completely pointless? This should cut down the number of duplicate threads on this subject.

Ok, here are my thoughts why people try to hide their source code, why it is pointless for HTML and what are the alternatives for CSS and JS. Feel free to edit the post, Pete.

It is natural for web developers, as for any type of creators, to be protective of their work. This desire however is practically imposible to fulfill in the realm of the World Wide Web. Any information leaving a server unencripted (or the one subsequently decripted by the client for processing) becomes public domain and therefore can be saved, copied, analized and reused.

Still there are plenty of web developers who attempt to block ability of web site visitor to access thier code. The irony of the situation is that such web developers are most of the times amatures who do not understand the web technology in depth (otherwise they would not be wasting their time on things like "no right click" scripts) and the code they are trying to protect is not worth much anyway.

While few years ago, when HTML used to contain both content and presentation, one could justify their desire to hide the source code by unwillingness to reveal their layout tricks (on the same token the only trick one would find in such a code was the number of table nestings required to achieve the effect). Nowadays when those who can be called "prefessional web developers" leave presentational elements to style sheets, hiding HTML source becomes a mute point. HTML source does not contain much more than what the user sees on their browser screen - source code for a paragraph of text adds only opening and closing tags to what user already sees.

Therefore authors who use right click and view-source: blocking do nothing but annoy their visitors by depriving them from navigation methods they are accustomed to, and declare themselves as amature web developers. Those who employ javascript HTML encription not only lose ~15% of their potential customers with javascript disabled, but also make thier site unusable for search engines which results in even higher customer losses. This is the type of HTML code protection that makes me ask a question: "Why put your site online, when no one can find it???"

The only weak arguement I still come across is: "my HTML source code still contains links to my stylesheets, scripts and images which I would like to protect". However there are plenty of ways to get those without looking at HTML source code, one is to use "Save Page As..." feature on a browser, another one is simply check the cached files folder.

While there is nothing that can prevent a determined and knowledgable person from copying a web site, there are ways to make it harder without affecting site usablity.

Making your CSS harder to get:
We all know about the CSS implementation bugs in IE and the need to have different styling for IE and gecko browsers when it comes to more complicated layouts. Usually it is accomplished by using IE (and older browser) hacks in the same stylesheet. Personally I prefer to use server side scripting to send browser adjusted stylesheet to the client. This method has certain pros and cons that have been extensively argued about, but one of the side effects of this approach is that potential thiefs would need to have you site saved by different browsers and either have the same server side code that performs browser detection, or have to study your stylesheets, understand the browser hacks that you are using and compile them into one - usually a task more difficult than writing own stylesheet from scratch.

JS protection:
While there are plenty of ways to scramble JS code so that it is harder to understand, it still can be done. Also good amount of scripts can work as is, so there is no real need to descramble them.
A better approach is to leave tracers in your script that tell you where your script is beeing used and go after theifs, when it is worth doing so. An example of a traces can be the following line:
(document.createElement('img')).src = 'http://www.mysite.com/tracer.php?URL='+document.url
where tracer.php is a server site script that logs the URL that used the script and also an IP address of the computer it was used on.